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Generic risk 1 



I Generic risk 2 



Category 1 (categories are for organizing how generic risks are stored) 



Category 2 (categories are for organizing iiow generic nsks are stored) 
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1/ 



new risk records to be stored in KB 
for use by others 



Risk1 



Risk 2 



Profile 1 



Profile 2 



Context 1 



Context 2 



Contexts (for organizing tiow profiles are stored) 



existing risk records 
for use in a profile 



new risk records to add 
to a profile 



Fig. 1A 
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I Risk record index 



-jRisk 



- Inherent likelihood 



Description 



Residual likelihood 



Inherent risk impact cost 



Residual risk impact cost 



- Inherent risk rating 



Residual risk rating 



Cause 



Description 



Consequence 



Description 



- Inherent cost 



Residual cost 



-| Control 



- Type (Corrective or Preventive?) 



- Description 



Effectiveness 



Fig. 1C 



I Risk record index 
—[Risk 



Cause 



Risk record index 



Consequence 



Risk record index 



Control 



Relational database of risk data 






Fig. 1D 



Create profile. (Includes selecting 
how risk assessment is to be 
performed, and how profile is to be 
displayed for viewing.) 



Assign profile to a context. 




r 



Set up risk management criteria. 
(For example, set limit to 
consequences and set up/ confirm 
likelihood levels, risk rating levels, 
and controls assessment levels.) 





r 


Extract risks from knowledge base 
that apply to profile (project/ goal). 




r 


Create a new risk record (not from 
knowledge base) for each additional 
risk, (includes a risk, its cause, a 
consequence and a control.) 







For each risk record, enter estimate 
of inherent cost of consequence (i.e. 
without any corrective controls) and 
also inherent likelihood of the risked 
event occurring. (System then 
computes the inherent level of risk 
as the product of the inherent 
likelihood and the inherent cost of 
the consequence.) 



Assess each control (preventive or 
corrective) as to its effectiveness. 
(System then computes residual 
likelihood of risked event occurring 
(i.e. with control in place) and the 
residual consequence (with control 
in place), and then, based on the 
residual likelihood and residual 



consequence, the residual rating.) 





r 


Review all risks ranked in order of 
residual rating. 


'I 


r 


Adjust controls so as to fix the 
maximum and total risk to 
acceptable values (in terms of 
residual ratings). 




r 



Create action plan (using tools for 
creating a custom display of risks 
and related controls and 
consequences along with actions to 
be taken to implement the controls). 



Fig. 2 





Hierarchy 


Control 




(risks and 




consequences 
associated with 






each control) 



Description 



Assigned to 



Status 



Fitness 
(key, fallback, or 
redundant) 



Select (highlight) all 
controls for which 
fitness is to be 
indicated as Key (i.e. 
critical). 



Due date 



Fig. 3 



Click on Fitness. 
(System displays Key, 
Fallback, and 
Redundant.) 



Click on Key. 



Fig. 4 



Command system to update 
inherent and residual values 
associated with each risk, based on 
most current values for the same or 
similar risks stored in the knowledge 
base. 



Update inherent and residual values 
associated with each risk, based on 
actual experience in connection with 
profile. 



1 


r 


Review all risks ranked in order of 
residual rating. 




r 


Adjust controls so as to fix the 
maximum and total risk to 
acceptable values (in terms of 
residual ratings). 



Select knowledge base. 




r 


Create new category of risk in 
knowledge base. 




r 


Under new category, enter risk and 
its cause. 




r 


Enter all conseque 
associated with th 
and relate them to 
risk. 


mces to be 

3 just-entered risk, 

the just-entered 



Adjust controls so as to fix the 
maximum and total risk to 
acceptable values (in terms of 
residual ratings). 



Enter all controls for the just-entered 
risk and relate them to the just- 
entered risk. 



Create action plan (using tools for 
creating a custom display of risks 
and related controls and 
consequences along with actions to 
be taken to implement the controls). 



Fig. 6 



Fig. 5 



Fig. 7 



Knowlege base 
(generic risk records) 



11 



existing generic risk records 
+ 

weightings 



Risk processor 



72 



request for risk records 
+ 

specified date(s) 
(one for each measuring field) 



Contexts data store 
(profiles of risk 
records) 



12 



updated or new generic risk records 
+ 

updated or new weightings 



request for risk records 
+ 

specified date(s) 
(one for each measuring field) 



Create new profile. 



Command system to display risk 
records in other, similar profiles 
(possibly maintained by other 
users). 



Command system to add selected 
risk records from the other profiles to 
the new profile. 



Fig. 8 
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